
SEC-3047: SecurityContextHolderAwareRequestFactory update RequestFactory

Rob Winch 10 年之前
父节点
当前提交
7c725a60e2

+ 6 - 0
web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.java

@@ -94,6 +94,7 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
 	public void setRolePrefix(String rolePrefix) {
 		Assert.notNull(rolePrefix, "Role prefix must not be null");
 		this.rolePrefix = rolePrefix;
+		updateFactory();
 	}
 
 	/**
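Review bot: Only `setRolePrefix` here and `setTrustResolver` in the third hunk re-run `updateFactory()`, so any other setter whose value ends up in the factory would still be ignored when called after `afterPropertiesSet()`. The body of `createServlet3Factory` is outside this diff, so it is worth confirming which fields it reads and giving each of their setters the same call. The setter's Javadoc, which is also outside the hunk, should say that the call is allowed after initialization, for example `Changing the prefix after initialization rebuilds the request factory used for isUserInRole checks.`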
@@ -172,6 +173,10 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
 	@Override
 	public void afterPropertiesSet() throws ServletException {
 		super.afterPropertiesSet();
+		updateFactory();
+	}
+
+	private void updateFactory() {
 		requestFactory = isServlet3() ? createServlet3Factory(rolePrefix)
 				: new HttpServlet25RequestFactory(trustResolver, rolePrefix);
 	}
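Review bot: `updateFactory()` can now reassign `requestFactory` from a setter while the filter is already serving requests, and nothing in this hunk guarantees that request threads see the new reference. The field declaration is outside the diff; if it is a plain field, a thread could keep wrapping requests with the old factory, so `isUserInRole` would still be answered with the previous role prefix or trust resolver. Declaring it as `private volatile HttpServletRequestFactory requestFactory;` would close that gap, or the Javadoc should state that the setters are for configuration time only. The new private method also has no comment; something like `// Rebuilds requestFactory from the current rolePrefix and trustResolver; called whenever either changes.` would explain why the setters call it.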
@@ -186,6 +191,7 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
 	public void setTrustResolver(AuthenticationTrustResolver trustResolver) {
 		Assert.notNull(trustResolver, "trustResolver cannot be null");
 		this.trustResolver = trustResolver;
+		updateFactory();
 	}
 
 	private HttpServletRequestFactory createServlet3Factory(String rolePrefix) {

+ 10 - 0
web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java

@@ -379,6 +379,16 @@ public class SecurityContextHolderAwareRequestFilterTests {
 				.isEqualTo(runnable);
 	}
 
+	// SEC-3047
+	@Test
+	public void updateRequestFactory() throws Exception {
+		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user",
+				"password", "PREFIX_USER"));
+		filter.setRolePrefix("PREFIX_");
+
+		assertThat(wrappedRequest().isUserInRole("PREFIX_USER")).isTrue();;
+	}
+
 	private HttpServletRequest wrappedRequest() throws Exception {
 		filter.doFilter(request, response, filterChain);
 		verify(filterChain).doFilter(requestCaptor.capture(),
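Review bot: The new test covers only the `setRolePrefix` path; the `setTrustResolver` change in the same commit has no matching test, so a regression there would go unnoticed. A second case that swaps the trust resolver after setup and asserts the wrapped request's behaviour would pin that path. The test also stores an authentication in `SecurityContextHolder`, and since the teardown is outside this hunk it is worth confirming that the context is cleared between tests so the `PREFIX_USER` authority cannot leak into later cases. The assertion line ends with a stray second semicolon: `isTrue();;` should be `isTrue();`.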